Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

9/19/2019
07:00 AM
Ericka Chickowski
Ericka Chickowski
Edge Features
Connect Directly
Twitter
RSS
E-Mail
50%
50%

The 20 Worst Metrics in Cybersecurity

Security leaders are increasingly making their case through metrics, as well they should - as long as they're not one of these.

Overly Complex Metrics

Says Caroline Wong, chief strategy officer at Cobalt.io: "Before you present a security metric with a complex calculation behind it — whether it's something formal like FAIR or a customer security score that you use internally — consider how familiar your audience may already be or not be with the calculation behind the score. If your audience is not familiar with how you get to the number(s) you're presenting, you may find yourself defending the methodology and calculation more than you actually get to discuss the security metric itself, its meaning, and the action that you recommend as a result."

(Image: Sergey Nivens via Adobe Stock)

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. 
View Full Bio

Previous
2 of 21
Next
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
peterhill
100%
0%
peterhill,
User Rank: Apprentice
9/19/2019 | 9:03:32 AM
So many bad metrics...
What's left?  How about a follow up on the 20 best metrics?
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
9/23/2019 | 1:16:23 PM
Re: So many bad metrics...
I second this. A juxtaposing list would be helpful considering that this list covers a lot of prevalently used metrics in the industry.
RichardM23501
50%
50%
RichardM23501,
User Rank: Apprentice
6/29/2020 | 9:04:13 AM
Re: So many bad metrics...
Agreed. Clicking thru these 21 pages was an utter waste of time.

Meaningful cyber metrics is a very challenging field. Besides the clickbait title, "The Top 20 BEST Cyber Metrics"  should never be written. The field is too wide. 

To hit a home run, go ask the BoD, CEO or Chief Risk Officer what metrics help them make strategic decisions. Everything else is busywork and job justification.
   OVER THE EDGE
All Links Are Safe ... Right?

Source: Mimecast

What security-related videos have made you laugh? Let us know! Add them to the Comments section or email us at [email protected].

Name That Toon: Sign of the Tides
Flash Poll